On Tue, 2 Jun 2009, Charles Gregory wrote:

Just to be sure that I'm thinking the right way about the 'no text body part' rule: If someone sends a 'normal' message, but elects to not type any text into the body, there *will* still be a mime 'text' section, and it will just be empty, right?

I think all MIME email clients do behave that way, yes.

So the 'no text body' would mean that the message was created *only* by a spam client that fails to add it?

Well, any tool that's composing MIME messages can choose to omit a text body part if no text is available - for example, a command-line tool that forwarded webcam images or screen shots might reasonably omit a text body part and create a message that would hit this rule.

In practice, we're only seeing it in spams. There may be false positives in some unusual situations, but it's not likely with legitimate human-generated email. Score accordingly.

--
 John Hardin KA7OHZ                    http://www.impsec.org/~jhardin/
 jhar...@impsec.org    FALaholic #11174     pgpk -a jhar...@impsec.org
 key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C  AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
  Any time law enforcement becomes a revenue center, the system
  becomes corrupt.
-----------------------------------------------------------------------
 4 days until the 65th anniversary of D-Day

Reply via email to